<?PHP
// vim: set expandtab tabstop=4 shiftwidth=4:
// +----------------------------------------------------------------------+
// | SAPID: XML Sapiens Engine Demonstrator                               |
// +----------------------------------------------------------------------+
// | Author:  Max Baryshnikov aka Mephius <mb@redgraphic.com>,	          |
// | Dmitry Sheiko <sheiko@cmsdevelopment.com>	                		  |
// | Copyright (c) 2004-2005 Max Baryshnikov                              |
// | http://sapid.sourceforge.net	                                      |
// +----------------------------------------------------------------------+
// | This source file is free software; you can redistribute it and/or    |
// | modify it under the terms of the GNU Lesser General Public           |
// | License as published by the Free Software Foundation; either         |
// | version 2.1 of the License, or (at your option) any later version.   |
// |                                                                      |
// | This source file is distributed in the hope that it will be useful,  |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of       |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU    |
// | Lesser General Public License for more details.                      |
// +----------------------------------------------------------------------+
// Release: 24.02.05 (dd/mm/yy)
// $Id: user_requests_analysis.inc.php,v 1.7 2006/04/16 22:03:47 pioneer-hg Exp $

if (!defined("SAPID_STARTED")) die("Hacking attempt!");

$env["user"]=$_SESSION["user"];
if($_POST["authorize"]=="login"){
	if ($_POST["login"] and $_POST["password"]) {
		if(!isset($sapi_obj)) $sapi_obj = new sapi_vdb();
		$user=$sapi_obj->get_userdata($_POST["login"], $_POST["password"]);
		if($user) {
			$_SESSION["user"]=$env["user"]=$env["user"]=$user;
			$_SESSION["user"]["mode"]=$env["user"]["mode"]=$_POST["mode"];
		}

		if(!$env["user"]) $env["login_error"]="Login incorrect!";
	}
}elseif($_REQUEST["authorize"]=="logout") {
	$env["user"]=$env["user"]=null;
	unset($_SESSION["user"]);
}elseif ($_POST["authorize"]=="register"){
	if(ALLOW_REGISTRATION){
		$db = new sapi_vdb($root_path . "usr/xml/users.xml");
		$users = $db->get_data("users");
		foreach ($users as $user) {
			if($_POST["login"]==$user["login"]){
				$env["registration_error"]="User already exists";
				break;
			}
		}
		if(!$env["registration_error"] and $_POST["password"]==$_POST["c_password"]){

			$data["row"]=$_POST;
			$data["row"]["nologin"]="nologin";
			$data["row"]["group"]=REGISTRATION_GROUP;

			unset($data["row"]["c_password"]);
			unset($data["row"]["authorize"]);

			$data["post_action"]="ADDROW";
			$db->save_data_row("users", $data, false);
			$env["registration_successfull"]="Registration Successfull!";
		}
	}else $env["registration_error"]="Registration not allowed";
}elseif ($_POST["authorize"]=="edit"){
	if(ALLOW_REGISTRATION){
		$db = new sapi_vdb($root_path . "usr/xml/users.xml");
		$users = $db->get_data();
		foreach ($users as $user) {
			if($_POST["login"]==$user["LOGIN"]){
				$id=$user["DATE_CREATE"];
				$nologin=$user["NOLOGIN"];
				break;
			}
		}
		if($_POST["password"]==$_POST["c_password"]){
			$data=$_POST;
			$data["group"]=$env["user.usergroup"];
			unset($data["c_password"]);
			unset($data["authorize"]);
			if($nologin) $data["nologin"]="on"; //pioneer: we set NOLOGIN to "on" only if this is set in users.xml; when NOLOGIN is off (user can log in), there must be no <nologin> section in users.xml
			foreach ($data as $key=>$value)	$_SESSION["user"][strtoupper($key)]=$env["user"][strtoupper($key)]=$value;
			$db->change_data_row($id, $data);
		}else $env["registration_error"]="Passwords not equal";
	}else $env["registration_error"]="Registration not allowed";
}


?>